Modify Content-Security-Policy for Swagger UI (#63568)

* Modify Content-Security-Policy for Swagger UI

* check if CSP is empty

Co-authored-by: João Calisto <joao.calisto@grafana.com>

* check if CSP is empty in swagger.go

---------

Co-authored-by: João Calisto <joao.calisto@grafana.com>
Co-authored-by: Sofia Papagiannaki <1632407+papagian@users.noreply.github.com>
This commit is contained in:
Kristian Bremberg 2023-08-01 10:27:44 +02:00 committed by GitHub
parent 1869da1d86
commit 9b4dde7430
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
4 changed files with 30 additions and 8 deletions


@ -2,10 +2,21 @@ package api
import (
"net/http"
"strings"
contextmodel "github.com/grafana/grafana/pkg/services/contexthandler/model"
)
func openapi3(c *contextmodel.ReqContext) {
c.HTML(http.StatusOK, "openapi3", nil)
data := map[string]interface{}{
"Nonce": c.RequestNonce,
}
// Add CSP for unpkg.com to allow loading of Swagger UI assets
if existingCSP := c.Resp.Header().Get("Content-Security-Policy"); existingCSP != "" {
newCSP := strings.Replace(existingCSP, "style-src", "style-src https://unpkg.com/", 1)
c.Resp.Header().Set("Content-Security-Policy", newCSP)
}
c.HTML(http.StatusOK, "openapi3", data)
}
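Review bot: The `strings.Replace(existingCSP, "style-src", ...)` on the `newCSP` line is a plain substring match, so a policy with no `style-src` directive is left untouched (the Swagger stylesheet then silently falls under `default-src`), and a policy that carries `style-src-elem` or `style-src-attr` gets the origin spliced into the middle of that directive name (`style-src https://unpkg.com/-elem`), yielding a malformed policy. Matching on the directive token — split on `;`, trim, and check `d == "style-src" || strings.HasPrefix(d, "style-src ")` — avoids both cases. Widening `style-src` to the whole `https://unpkg.com/` origin also admits any stylesheet hosted on that public CDN; since the template already threads `[[.Nonce]]` onto the script tags, a nonce on the stylesheet `<link>` (if one is used) or a path-scoped source such as `https://unpkg.com/swagger-ui-dist@4.3.0/` would keep the allowance as narrow as the script side. The identical block is duplicated in `swaggerUI` in the second file, so a shared helper keeps the two handlers in sync.
```go
// swaggerCSP widens only the style-src directive of an existing policy so the
// Swagger UI stylesheet can load; script tags stay covered by the request nonce.
// Directives are matched by token, not by substring, so style-src-elem/-attr
// are left intact and a policy without style-src is returned unchanged.
func swaggerCSP(existing string) string {
	directives := strings.Split(existing, ";")
	for i, d := range directives {
		d = strings.TrimSpace(d)
		if d == "style-src" || strings.HasPrefix(d, "style-src ") {
			d += " https://unpkg.com/"
		}
		directives[i] = d
	}
	return strings.Join(directives, "; ")
}

func openapi3(c *contextmodel.ReqContext) {
	// … unchanged: data map with Nonce …
	if existingCSP := c.Resp.Header().Get("Content-Security-Policy"); existingCSP != "" {
		c.Resp.Header().Set("Content-Security-Policy", swaggerCSP(existingCSP))
	}
	// … unchanged: c.HTML call …
}
```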


@ -2,10 +2,21 @@ package api
import (
"net/http"
"strings"
contextmodel "github.com/grafana/grafana/pkg/services/contexthandler/model"
)
func swaggerUI(c *contextmodel.ReqContext) {
c.HTML(http.StatusOK, "swagger", nil)
data := map[string]interface{}{
"Nonce": c.RequestNonce,
}
// Add CSP for unpkg.com to allow loading of Swagger UI assets
if existingCSP := c.Resp.Header().Get("Content-Security-Policy"); existingCSP != "" {
newCSP := strings.Replace(existingCSP, "style-src", "style-src https://unpkg.com/", 1)
c.Resp.Header().Set("Content-Security-Policy", newCSP)
}
c.HTML(http.StatusOK, "swagger", data)
}


@ -33,9 +33,9 @@
<body>
<div id="swagger-ui"></div>
<script src="https://unpkg.com/swagger-ui-dist@4.3.0/swagger-ui-bundle.js" charset="UTF-8" integrity="sha384-BGJ5JzR5LEl4ETmxXXlZtXtMWj3uQ9jj9/OHe3yrn5rrtAyLOz1SyyzwMfuwZgPc" crossorigin="anonymous" referrerpolicy="no-referrer"></script>
<script src="https://unpkg.com/swagger-ui-dist@4.3.0/swagger-ui-standalone-preset.js" charset="UTF-8" integrity="sha384-AWSfISmlS8fS336GXRkpL0Uv6EbCpsFfXDUwmklhbb3SctGSuvXWBcbjERjgf/e4" crossorigin="anonymous" referrerpolicy="no-referrer"></script>
<script>
<script nonce="[[.Nonce]]" src="https://unpkg.com/swagger-ui-dist@4.3.0/swagger-ui-bundle.js" charset="UTF-8" integrity="sha384-BGJ5JzR5LEl4ETmxXXlZtXtMWj3uQ9jj9/OHe3yrn5rrtAyLOz1SyyzwMfuwZgPc" crossorigin="anonymous" referrerpolicy="no-referrer"></script>
<script nonce="[[.Nonce]]" src="https://unpkg.com/swagger-ui-dist@4.3.0/swagger-ui-standalone-preset.js" charset="UTF-8" integrity="sha384-AWSfISmlS8fS336GXRkpL0Uv6EbCpsFfXDUwmklhbb3SctGSuvXWBcbjERjgf/e4" crossorigin="anonymous" referrerpolicy="no-referrer"></script>
<script nonce="[[.Nonce]]">
window.onload = function() {
// Begin Swagger UI call region
const ui = SwaggerUIBundle({
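Review bot: The new `nonce="[[.Nonce]]"` attributes on the three script tags only take effect if the response policy's `script-src` carries the matching `'nonce-…'` source; the Go handlers in this commit widen `style-src` only, so script loading depends entirely on whatever populates `c.RequestNonce` upstream, and that coupling is not stated anywhere in the template. A one-line template comment above the first script tag would make it explicit, e.g. `<!-- scripts rely on the CSP nonce set by the handler; style-src is widened there for the stylesheet -->`. Keeping the SRI `integrity` hashes pinned to the 4.3.0 assets alongside the nonce is the right combination, since the nonce permits the load and the hash detects a tampered CDN file. The `window.onload` body continues past the hunk, and the fourth file section is the same change.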


@ -33,9 +33,9 @@
<body>
<div id="swagger-ui"></div>
<script src="https://unpkg.com/swagger-ui-dist@4.3.0/swagger-ui-bundle.js" charset="UTF-8" integrity="sha384-BGJ5JzR5LEl4ETmxXXlZtXtMWj3uQ9jj9/OHe3yrn5rrtAyLOz1SyyzwMfuwZgPc" crossorigin="anonymous" referrerpolicy="no-referrer"></script>
<script src="https://unpkg.com/swagger-ui-dist@4.3.0/swagger-ui-standalone-preset.js" charset="UTF-8" integrity="sha384-AWSfISmlS8fS336GXRkpL0Uv6EbCpsFfXDUwmklhbb3SctGSuvXWBcbjERjgf/e4" crossorigin="anonymous" referrerpolicy="no-referrer"></script>
<script>
<script nonce="[[.Nonce]]" src="https://unpkg.com/swagger-ui-dist@4.3.0/swagger-ui-bundle.js" charset="UTF-8" integrity="sha384-BGJ5JzR5LEl4ETmxXXlZtXtMWj3uQ9jj9/OHe3yrn5rrtAyLOz1SyyzwMfuwZgPc" crossorigin="anonymous" referrerpolicy="no-referrer"></script>
<script nonce="[[.Nonce]]" src="https://unpkg.com/swagger-ui-dist@4.3.0/swagger-ui-standalone-preset.js" charset="UTF-8" integrity="sha384-AWSfISmlS8fS336GXRkpL0Uv6EbCpsFfXDUwmklhbb3SctGSuvXWBcbjERjgf/e4" crossorigin="anonymous" referrerpolicy="no-referrer"></script>
<script nonce="[[.Nonce]]">
window.onload = function() {
// Begin Swagger UI call region
const ui = SwaggerUIBundle({